Microsoft investigates possibility of Chinese hackers exploiting flaws from the cyber attack

Microsoft is probing whether a leak from its early-alert system for cybersecurity companies allowed Chinese hackers to exploit flaws in its SharePoint service before they were patched, Bloomberg reported.

A recently released Microsoft security patch failed to fully address a critical vulnerability in its SharePoint server software, enabling a large-scale cyber espionage campaign, reportedly involving at least three Chinese hacking groups.

In a blog post published Tuesday, Microsoft disclosed that state-linked actors, identified as “Linen Typhoon” and “Violet Typhoon”, are actively exploiting the flaw. A third, unnamed China-based group is also believed to be involved.

The company is now investigating whether the leak of vulnerability details from its Microsoft Active Protections Program (MAPP) contributed to the widespread exploitation. “We continually evaluate the efficacy and security of all of our partner programs and make the necessary improvements as needed,” Microsoft stated to Reuters.

The flaw was first demonstrated in May by Dinh Ho Anh Khoa, a researcher at Vietnamese cybersecurity firm Viettel, during the Pwn2Own conference in Berlin. Organized by Trend Micro’s Zero Day Initiative, the event rewards ethical disclosures of software flaws. Khoa received a $100,000 prize, and Microsoft released an initial patch in July.

However, according to Dustin Childs, head of threat awareness at Zero Day Initiative, MAPP partners were alerted to the vulnerability on June 24, July 3, and July 7. Microsoft confirmed that exploit attempts began on July 7, the same day as the final partner notification.

“The likeliest scenario is that someone in the MAPP program used that information to create the exploits,” said Childs. While it remains unclear who leaked the data, he added that given the origin of many attacks, “it seems reasonable to speculate it was a company in [China].”

This isn’t the first suspected breach from MAPP. In 2012, Microsoft expelled Chinese firm DPTech Technologies for leaking confidential data. “Microsoft takes breaches of its NDAs very seriously,” the company emphasized.